20 matches found
CVE-2022-34112
An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...
Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps 1.11.1 security update
An update is now available for Red Hat OpenShift GitOps v1.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2022-34114
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...
CVE-2022-34114
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...
CVE-2022-34113
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...
CVE-2022-34115
DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId...
CVE-2022-34112
An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...
CVE-2022-34112
An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...
CVE-2022-34113
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...
CVE-2022-34115
DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId...
SQL injection
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...
Design/Logic Flaw
An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...
Design/Logic Flaw
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...
CVE-2022-34112
An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator...
CVE-2022-34114
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId...
CVE-2022-34112
CVE-2022-34112 describes an access-control flaw in DataEase v1.11.1 where non-admin users can arbitrarily uninstall the plugin via /api/plugin/uninstall. The issue’s root cause is improper permission checks on the uninstall endpoint, enabling privilege escalation to perform a destructive action. ...
CVE-2022-34113
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin...
CVE-2022-34115
DataEase v1.11.1 is affected by a SQL injection vulnerability via the dataSourceId parameter. The issue is tracked as CVE-2022-34115; it is reported as critical (CVSS 3.1: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A fix is available in v1.11.2. The connected sources also reference advisories and...
CVE-2022-34115
DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId...
automake security update
1.11.1-4 - remove BR dependency on java-devel-openjdk 1.11.1-3 - fix for CVE-2012-3386 -- 'make distcheck' was making the directory distdir world-readable 848469...